Free Resources for Incident Response Professionals
To help make your tough job a bit easier.
Analyst Reference
More than a cheat sheet, less than a book, these are primers and references for some of the core topics incident responders need to understand.
Lateral Movement Analyst Reference
Adversaries move from system to system once they compromise a network. Learn to detect lateral movement within your environment.
Event Log Analyst Reference
Windows Event Logs store an increasingly rich set of data. This reference walks you through configuring, storing and analyzing Windows events.
Memory Analysis with Volatility Analyst Reference
The battle for our boxes is increasingly being fought in RAM. Learn to use Volatility to hunt for evil on your systems.
Credential Defense Analyst Reference
Most attackers use credential theft as a key tactic. This document presents key defensive controls to make your environment a harder target.
Quick Reference
These are short cheat sheets that you can use to keep syntax and key facts close at hand.
Default Windows Processes Quick Reference
A quick reference on the normal system processes of a Windows system, including each executable's path on disk, its usual place in the process tree, and a description of what each process does.
WMIC Quick Reference
The Windows Management Instrumentation Command-line utility (WMIC) is a great resource for incident responders. This quick reference provides syntax and examples.
PowerShell Quick Reference
A quick reference for exploring the immense value of PowerShell for incident response, including basic syntax and useful cmdlets.
Presentations
PDFs of the slides from some of our public talks.
Pass the What Now? Understanding Credential Attacks in a Windows 11 World
Review pass-the-hash, pass-the-ticket, and other classic attacks. Then look at Microsoft’s Modern Authentication, attacks against it, and how it relates to your environment.
The Light Side of the Force: PowerShell for Incident Response
A high-level look at how PowerShell and PowerShell Remoting can benefit incident responders and network defenders using built-in capabilities.
Pivot and Pillage: Lateral Movement within a Victim Network
This presentation accompanies our Lateral Movement Analyst Reference PDF to highlight ways to detect and defeat hidden adversaries.
BYOD or Bring Your Own Destruction
Examine the assumptions that have gone into BYOD policies and take a moment to evaluate how reasonable our rush to embrace this approach has been.
A Network Defender’s Guide to Credential Attacks
A look at common credential attacks on premises, in the cloud, and across the Internet, with the goal of understanding how to prevent and detect them.
Do You Want to Build a Test Lab?
You can get free Microsoft licenses from here:
https://www.microsoft.com/en-us/evalcenter/
You can configure a test domain using the Config-LabSystem.ps1 script and the associated UserList.csv below.
Additional Links
If you would like some recommendations for other sites to get great IT security information, click here.
![Image](/images/applied-frontend/book-applied-incident-response.png)
Get the book
Applied Incident Response details effective ways to respond to advanced attacks against local and remote network resources, providing proven response techniques and a framework through which to apply them.